CVE-2013-5372

Sažetak

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

Reference

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86662
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

19-10-2013 - 10:36